Why would you want to define risk weights?
The Vulcan Platform incorporates different contextual attributes to produce a dynamic risk score for each vulnerability in your environment. The system allows you to set your own weights for the different attributes and choose which aspects are more important to you.
When defining risk priority weights, you can set different wights for CVE-based vulnerabilities (which have threat feeds) and for non-CVE-based vulnerabilities (which do NOT have threat feeds). This keeps a level playing field, giving vulnerabilities a more accurate risk score based on their attributes.
Define risk weights
To define your risk priority weights:
Go to Settings > Risk
Set the numbers (weights) for each attribute. The values in each row must add up to one.
Use the table to set different weights for the attributes that define the risk for each vulnerability instance (atomic risk):
Attribute | Description |
Severity | CVSS or other scores as provided by the scanning vendor. |
Threats | Exploits, malware, and other threat intelligence retrieved |
Tags | The impact (high, medium, low) of tags on the vulnerable assets. |